All the latest UK technology news, reviews and analysis


Microsoft to patch Internet Explorer ActiveX Control zero-day vulnerability

12 Nov 2013
Microsoft Internet Explorer

Microsoft has released a fix for an ActiveX Control critical vulnerability in its Internet Explorer (IE) browser that was being targeted by an advanced watering hole attack.

Microsoft Trustworthy Computing (TwC) group manager of response communications Dustin Childs confirmed the fix in a post on the company's Security Response Center blog.

"The security update will be distributed to customers tomorrow [Tuesday 12 November] via Windows Update at approximately 10am PDT [6pm GMT]. Customers who have Automatic Updates enabled will not need to take any action to receive the update," read the post.

The IE vulnerability was discovered by security firm FireEye earlier in November. The vulnerability is known to have been targeted with an advanced watering hole attack. Watering hole attacks are scams that see hackers turn websites commonly visited by their intended victim into malware-distribution tools.

The attack is significant as it was able to put malware directly onto a computer's memory without first writing it to the hard disk. The execution made it more difficult for companies to check whether their systems had been compromised by the malware using traditional techniques.

Childs called for businesses to take temporary protective measures while they wait for the full fix. These include setting the company's internet and local intranet security settings to high, configuring IE to send a prompt before running Active Scripting or disabling Active Scripting completely and deploying Microsoft's Enhanced Mitigation Experience Toolkit (EMET).

The IE vulnerability discovery comes during a reported boom in cyber attacks. Microsoft released a workaround fix for vulnerabilities in Microsoft's Lync, Office and Windows Server earlier in November, and it is now building a full patch.

The severity of the threat posed by hackers has led many companies to call for increased collaboration between security vendors. Symantec pledged to create a centralised information-sharing big data hub to help customers spot targeted attacks in October.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Green IT poll

How important is it to your business that a cloud provider uses renewable energy like solar or wind to power their data centres?
22%
6%
3%
3%
66%

Popular Threads

Powered by Disqus
Xperia Z2 vs Galaxy Note 3 video review.jpg

Xperia Z2 vs Galaxy Note 3 video review

We pit Sony's 2014 flagship against Samsung's ruling phablet

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior Java Developer - Leading Software House -60K

Senior Java Developer - 60K Austin Fraser has the...

PHP Developer up to £45K

Austin Fraser has the pleasure of appointing a number...

Head of IT Projects

Head of IT Projects Annual Salary: Up to £48,153...

Head of IT Service Management

Head of IT Service Management Annual Salary of up...
To send to more than one email address, simply separate each address with a comma.